I’m using the docker image mitmproxy/mitmproxy:2.0.2 to sniff traffic between a Postgres client (psql) and server. The server uses TLS, but the client and server each send a single message before deciding to do the TLS handshake - these messages appear to confuse mitmdump, so that it doesn’t know to intercept/decrypt the subsequent TLS traffic:

Subsequently, mitmdump does not recognize the conversion of the connection to use TLS, so all I can see is the encrypted messages. Does anyone have any advice about how to catch the handshake when it happens (since it does not happen right at the initial connect) and force mitmdump to intercept it? Any suggested modifications to my script appreciated!

This is quite tricky unfortunately. The easiest way to do this is probably writing your own Layer, and then hooking next_layer (as e.g. here). In that layer, you’d read both pre-TLS messages before opening up a TLS layer. You can read through modes/socks_proxy.py to get a rough idea on how to write your own layer, but it’s still a fairly nontrivial thing to do.
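To make the "read both pre-TLS messages" step concrete, here is an added example (not code from the thread or from the mitmproxy project) that parses the two Postgres messages in question: the client's 8-byte SSLRequest and the server's one-byte `S`/`N` reply, and reports whether the bytes that follow belong to a TLS handshake or to plain Postgres. Wiring it into a mitmproxy `Layer` is left out because that API differs between mitmproxy versions; the function names and the sample streams are constructed for this example.

```python
import struct

# Postgres frontend/backend protocol v3: SSLRequest is Int32 length 8 followed
# by the magic code 80877103 (1234 in the high 16 bits, 5679 in the low 16).
SSL_REQUEST_CODE = 80877103
SSL_REQUEST = struct.pack("!II", 8, SSL_REQUEST_CODE)


def is_ssl_request(client_bytes: bytes) -> bool:
    """True if the first 8 bytes from the client form a Postgres SSLRequest."""
    if len(client_bytes) < 8:
        return False
    length, code = struct.unpack("!II", client_bytes[:8])
    return length == 8 and code == SSL_REQUEST_CODE


def split_pre_tls(client_bytes: bytes, server_bytes: bytes):
    """Consume the two pre-TLS messages and decide what the proxy layer does next.

    Returns (mode, client_rest, server_rest):
      "tls"   -> server replied 'S'; the remaining bytes on both sides are the
                 start of a TLS handshake and belong in a TLS layer.
      "plain" -> server replied 'N'; the client continues with a cleartext
                 StartupMessage.
      "other" -> no SSLRequest at all; treat the stream as plain Postgres.
    """
    if not is_ssl_request(client_bytes):
        return "other", client_bytes, server_bytes
    if not server_bytes:
        raise ValueError("server reply to SSLRequest not yet received")
    reply = server_bytes[:1]
    if reply == b"S":
        return "tls", client_bytes[8:], server_bytes[1:]
    if reply == b"N":
        return "plain", client_bytes[8:], server_bytes[1:]
    raise ValueError(f"unexpected reply to SSLRequest: {reply!r}")


if __name__ == "__main__":
    # Constructed sample: client sends SSLRequest, server agrees with 'S', then
    # the client starts a TLS ClientHello (record type 0x16, version 0x0301).
    client_stream = SSL_REQUEST + b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"
    server_stream = b"S"
    mode, c_rest, s_rest = split_pre_tls(client_stream, server_stream)
    print(mode, c_rest[:3].hex())  # tls 160301
```

A layer built on this would peek at the client's first 8 bytes, forward the SSLRequest and the server's reply unchanged, and only then hand the connection to a TLS layer when the mode is "tls"; a proxy that skips this step sees nothing but opaque TLS records, which is exactly the symptom described in the question.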